Streaming restore of a database from a backup system

ABSTRACT

A distributed data warehouse system may maintain data blocks on behalf of clients in multiple clusters in a data store. Each cluster may include a single leader node and multiple compute nodes, each including multiple disks storing data. The warehouse system may store primary and secondary copies of each data block on different disks or nodes in a cluster. Each node may include a data structure that maintains metadata about each data block stored on the node, including its unique identifier. The warehouse system may back up data blocks in a remote key-value backup storage system with high durability. A streaming restore operation may be used to retrieve data blocks from backup storage using their unique identifiers as keys. The warehouse system may service incoming queries (and may satisfy some queries by retrieving data from backup storage on an as-needed basis) prior to completion of the restore operation.

RELATED APPLICATIONS

This application claims benefit of priority to U.S. ProvisionalApplication Ser. No. 61/730,024, entitled “STREAMING RESTORE OF ADATABASE FROM A BACKUP SYSTEM”, which was filed Nov. 26, 2012, and whichis incorporated herein by reference in its entirety.

BACKGROUND

A distributed storage service may include multiple concurrent processesexecuting across a distributed hardware infrastructure, such as one ormore clusters of computers. Various ones of these processes may beexecuting on different physical and/or logical (e.g., virtual) machinesin the cluster(s). In a storage service, for example, processes (e.g.,software servers) on different machines may each expose a programmaticinterface to clients, which the clients may use to access a storagesystem that may be implemented across multiple storage resources. Thestorage service may store multiple replicas of each data item in thesystem, such that any change to a data item on one server must bepropagated to one or more other servers.

Upon the failure of a node or disk drive, the data on the failed devicemust be restored. In many current storage systems that provide databaseservices, the entire data set must be restored (e.g., from a backup orarchive) before the system can resume accepting and processing queries.In some systems that perform incremental backups, restoring the systemafter a device failure involves performing multiple incremental restoreoperations (corresponding to multiple incremental backup operations). Inother storage systems, restoring the system after a device failureinvolves tracing through transaction logs to reconstruct the state ofthe system. For data warehouse systems that include a large number ofstorage devices, the amount of time that the system must be taken out ofservice to perform restore operations on one or a small number ofdevices may represent a significant cost in the system.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a flow diagram illustrating one embodiment of a method forperforming a streaming restore operation from a remote key-value durablestorage system.

FIG. 2 is a block diagram illustrating various components of adistributed data warehouse service from the perspective of its clients,according to some embodiments.

FIG. 3 is a block diagram illustrating various components of adistributed data warehouse system, according to one embodiment.

FIG. 4 is a block diagram illustrating a cluster in a distributed datawarehouse system, according to one embodiment.

FIG. 5 is a block diagram illustrating a superblock data structure,according to one embodiment.

FIG. 6 is a block diagram illustrating the use of a remote key-valuedurable storage system for backing up a data stored in distributed datawarehouse system, according to one embodiment.

FIG. 7 is a flow diagram illustrating one embodiment of a method forstoring a data block in a distributed data warehouse system.

FIG. 8 is a flow diagram illustrating one embodiment of a method forperforming a backup operation in a distributed data warehouse system.

FIGS. 9A-9B depict a flow diagram illustrating one embodiment of amethod for reconstructing data blocks following a failure in adistributed data warehouse system.

FIG. 10 is a flow diagram illustrating one embodiment of a method forresponding to a query request in a distributed data warehouse system.

FIG. 11 is a flow diagram illustrating one embodiment of a method fordetermining which of the copies of a data block to return in response toa query.

FIG. 12 is a flow diagram illustrating one embodiment of a method forpatching in a backup copy of a data block from a remote key-valuedurable storage system to satisfy a query.

FIG. 13 is a flow diagram illustrating one embodiment of a method forrestoring data blocks in a distributed data warehouse system from aremote key-value durable storage system in priority order.

FIG. 14 is a flow diagram illustrating one embodiment of a method fordetermining the order in which to restore data blocks from key-valuedurable backup storage.

FIG. 15 is a block diagram illustrating a computer system configured toimplement at least a portion of a distributed data warehouse system anda corresponding key-value durable backup storage system, according tovarious embodiments.

While embodiments are described herein by way of example for severalembodiments and illustrative drawings, those skilled in the art willrecognize that the embodiments are not limited to the embodiments ordrawings described. It should be understood, that the drawings anddetailed description thereto are not intended to limit embodiments tothe particular form disclosed, but on the contrary, the intention is tocover all modifications, equivalents and alternatives falling within thespirit and scope as defined by the appended claims. The headings usedherein are for organizational purposes only and are not meant to be usedto limit the scope of the description or the claims. As used throughoutthis application, the word “may” is used in a permissive sense (i.e.,meaning having the potential to), rather than the mandatory sense (i.e.,meaning must). Similarly, the words “include,” “including,” and“includes” mean including, but not limited to.

DETAILED DESCRIPTION

The systems described herein may, in some embodiments, implement a webservice that makes it quick, easy, and cost-effective for clients (e.g.,subscribers) to set up, operate, and scale a data warehouse in a cloudcomputing environment. The web service may manage time-consumingadministration tasks, allowing subscribers to focus on their ownapplications and businesses. In some embodiments, the data warehousesystem may be an enterprise-class database query and management systemthat is highly scalable and extensible. It may provide fast queryingcapabilities over structured data, may provide integration with variousdata loading and ETL (extract, transform, and load) tools, may provideclient connections with best-in-class business intelligence (BI)reporting, data mining, and analytics tools, and may be optimized forvery fast execution of complex analytic queries such as those includingmulti-table joins, sub-queries, and aggregation. In some embodiments,queries may be distributed and parallelized across multiple physicalresources, and the data warehouse system may be scaled up or down on anas needed basis. In some embodiments, subscribers may only pay for theresources they use. The data warehouse system may work effectively withdatabase schemas of various types and/or organizations, in differentembodiments.

In some embodiments, the distributed data warehouse systems describedherein may derive much of their performance and fast computing powerfrom the use of massively-parallel processing (MPP) and the clusteringof compute nodes that carry out the execution of compiled queries usinga divide-and-conquer strategy. In some embodiments, a cluster mayinclude one or more nodes, each including one or more disks, solid statedevices, or other persistent storage devices on which data blocks arestored on behalf of clients. In some embodiments, clients/subscribersmay submit queries in a number of ways, e.g., interactively via an SQLinterface to the data warehouse system. In other embodiments, externalapplications and programs may submit queries using Open DatabaseConnectivity (ODBC) and/or Java Database Connectivity (JDBC) driverinterfaces to the data warehouse system.

In typical large database systems, the time it takes to restore datafrom a backup may represent a significant cost to the system. Forexample, in many existing systems, the entire data set needs to berestored before the database system can be restarted following a failurein the system. In some embodiments, the data warehouse systems describedherein may be configured to back up data (e.g., the data making upvarious database tables) to a remote key-value storage systemincrementally (e.g., one physical data block at a time), and to store,as part of each incremental backup operation, a list of the all of thedata blocks in the system, whether they were backed up as part of thatincremental backup or as part of a previous incremental backupoperation. In some embodiments, the remote key-value storage system maybe dedicated for backup storage, while in other embodiments the remotekey-value storage system may provide general-purpose storage for avariety of clients and/or client applications. In various embodiments, adata warehouse system, a general-purpose computing system, or acomputing system that provides another type of service that stores datalocally in-memory (e.g., ephemerally) may write one or more copies ofthe data to a remote key-value storage system that employs disk,solid-state storage devices, or another type of persistent storage mediain order to provide durability. As described in more detail below, thedata warehouse systems described herein may be able to restart a clusterthat stores data on behalf of a storage system subscriber (e.g., in adatabase) following a failure (i.e., allowing it to accept and servicequeries) without waiting for the entire data set to be restored frombackup. Instead, a backup copy of any lost or corrupted data block maybe streamed into the memory of the data warehouse system from the backupsystem by directly addressing it in the remote system using a uniqueidentifier of the data block as a key.

Note that in the descriptions herein, the terms “data block” and“physical data block” may be used to refer to a portion (or block) ofdata that is stored as an individual (or separable) object in adistributed data warehouse system and/or in a remote key-value durablebackup storage system on behalf of clients (e.g., users, clientapplications, and/or data warehouse service subscribers), or may be usedto refer to that portion (or block) of the data as it is stored on aphysical disk in a distributed data warehouse system, in system memoryon a node in a distributed warehouse system (e.g., in systems thatimplement in-memory databases) and/or in a remote key-value durablebackup storage system, depending on the context in which these termsappear. In some embodiments, data may be stored in data blocks havingthe same size as a standard unit of the data stored in the memoryarchitecture for the system, which may correspond to a “page” in thememory. In other embodiments, the data blocks may be of a different sizethan the page size of the memory.

In some embodiments, the distributed data warehouse systems describedherein may store two or more copies of each data block locally in thesystem (e.g., across a cluster architecture). For example, in oneembodiment, a primary copy of each 1 MB physical data block may bestored on one disk of a node in a cluster, and one or more secondarycopies (replicas) of that physical data block may be stored on otherdisks of other nodes in the same cluster. However, rather thanreplicating (or mirroring) an entire disk on one other disk, the copiesof some of the data blocks stored on a given disk may be distributed ondifferent disks than the copies of other data blocks stored on the givendisk. The distributed data warehouse system may also store a copy ofeach data block as a separate object (i.e., value) in a remote backupstorage system that provides durable key-value storage, and may storethe keys for each data block within a list of data blocks in the system.For example, a superblock data structure that lists all of the datablocks stored in the data warehouse system (or in a node thereof) mayinclude multiple entries, each of which stores metadata about anindividual data block, and the metadata for each block may include aunique identifier (ID) that serves as a key to access a copy of the datablock stored in the remote backup storage system. In some embodiments,the distributed data warehouse system may provide very high durabilitystorage to its clients/subscribers by storing two copies of each datablock in a given cluster (e.g., a primary copy and a secondary copy) andstoring a third copy in a remote key-value durable storage system.

In some embodiments, when a disk or node in the distributed datawarehouse fails, it may or may not be possible to restore the lost orcorrupted data blocks from other disks within the cluster, depending onthe type and/or extent of the failure. For example, if the failure is adisk failure or a node failure, it may be possible to restore lost orcorrupted data blocks by copying them from the other disks within thecluster that store replicas of those data blocks (i.e., to quicklyreconstruct the database from data stored within the cluster itself).However, if the failure is a failure of an entire cluster, or is anothertype of failure after which it is not possible to reconstruct the lostor corrupted data blocks from within the cluster, the distributed datawarehouse may be configured to retrieve data from the backup storagesystem in order to reconstruct the lost or corrupted data blocks. Asdescribed in more detail herein, in some embodiments, the copies of datablocks in the remote storage system may be accessed in order to satisfyquery request before or after they have been retrieved (i.e., streamedin) from the remote storage system. For example, in some embodiments,the distributed data warehouse system may be configured to continue (orrestart) accepting and processing queries while a data set is beingreconstructed in the background. In other words, following a failure,the distributed data warehouse systems described herein may beconfigured to stream data in from the backup system on demand until orunless the entire data set (or at least the data targeted by anyreceived queries) is restored. As described in more detail below, insome embodiments, data blocks may be restored from remote storage inorder of how recently or how often they have been accessed in thedistributed data warehouse, or in order of how likely they are to beaccessed in the near future.

One embodiment of a method for performing a streaming restore operationfrom a remote key-value durable storage system is illustrated by theflow diagram in FIG. 1. As illustrated at 110, in this example, themethod may include a distributed data warehouse system storing datablocks in a cluster on behalf of a customer (e.g., a user, a clientapplication, or a storage service subscriber). The method may includethe data warehouse system backing up the data blocks by storing copiesof the data blocks in a remote key-value durable storage, as in 120. Asillustrated in this example, in response to a failure in the datawarehouse system, the method may include the data warehouse systeminitiating the restoration of one or more data blocks from the remotekey-value durable storage, as in 130. The method may also include, priorto all of the targeted data blocks being restored from the remotekey-value durable storage, the data warehouse system accepting andservicing queries (e.g., read requests and/or write requests) directedto the customer data, as in 140. In other words, the distributed datawarehouse system may be able to begin or to continue to accept andservice query requests following a failure without having to restore theentire data set, as in some previous database systems. For example, ifonly a portion of a cluster in the data warehouse system fails, thecluster may continue to accept and service queries without interruption.If an entire cluster fails (and affects all of the superblocks on thenodes in that cluster), one or more of the superblocks may need to bebrought into system memory before queries directed to the cluster can beaccepted and/or serviced so that the targeted data can be accessed inremote key-value durable storage. In some embodiments, each superblockmay be mirrored on one or more nodes other than the particular node forwhich it stores information (i.e., information about the data blocksstored as primary copies on the particular node).

In some embodiments, the distributed data warehouse systems describedherein may employ columnar storage for database tables. In other words,column information from database tables may be stored into data blockson disk, rather than storing entire rows of columns in each data block(as in traditional database schemes). In some embodiments, storing tabledata in such a columnar fashion may reduce the overall disk I/Orequirements for various queries and may improve analytic queryperformance. For example, storing database table information in acolumnar fashion may reduce the number of disk I/O requests performedwhen retrieving data into memory to perform database operations as partof processing a query (e.g., when retrieving all of the column fieldvalues for all of the rows in a table) and may reduce the amount of datathat needs to be loaded from disk when processing a query. Conversely,for a given number of disk requests, the column field values for manymore rows may be retrieved than if each data block stored an entiretable rows. In some embodiments, the disk requirements may be furtherreduced using compression methods that are matched to the columnarstorage data type. For example, since each block contains uniform data(i.e., column field values that are all of the same data type), diskstorage and retrieval requirements may be further reduced by applying acompression method that is best suited to the particular column datatype. In some embodiments, the savings in space for storing data blockscontaining only field values of a single column on disk may translateinto savings in space when retrieving and then storing that data insystem memory (e.g., when analyzing or otherwise processing theretrieved data). For example, for database operations that only need toaccess and/or operate on one or a small number of columns at a time,less memory space may be required than with traditional row-basedstorage, since only data blocks storing data in the particular columnsthat are actually needed to execute a query may be retrieved and storedin memory.

In various embodiments, the distributed data warehouse systems describedherein may support a standard or custom application programminginterface (API) for a variety of database operations. For example, theAPI may support operations for creating a database, creating a table,altering a table, creating a user, dropping a user, inserting one ormore rows in a table, copying values, selecting data from within a table(e.g., querying a table), cancelling or aborting a query, and/or otheroperations.

In some embodiments, each cluster of the distributed data warehousesystems described herein may include a leader node and multiplecomputing nodes (i.e. non-leader nodes, such as query engines), each ofwhich is virtual machine having some amount of storage (e.g., multipledisks) and/or processing power. In some embodiments, once it isconfigured, a cluster may be directly visible by (and accessible to) aclient/subscriber through a network address. In other words, aclient/subscriber may connect directly to a cluster (e.g., to submitqueries and receive responses to those queries) and may not have to gothrough a web server (or service) to access the cluster except to set upand manage the configuration of the cluster. In some embodiments, theleader node in each cluster (which may not store client/subscriber data)may maintain query plans (e.g., including schema information and/ormetadata) for performing various types of queries on the data stored bythe computing nodes in the cluster. Within the leader node, a schedulerprocess may send query tasks (e.g., via a private network communicationfabric) to the compute nodes for execution. In some embodiments, theleader node may also be responsible for partitioning incoming data(i.e., data included in write requests) for storage on various nodes ofthe cluster. For example, the leader node may determine the nodes onwhich primary copies of different portions of the received data will bestored.

In some embodiments, when a client request to perform a query (e.g., aread request or a write request) or some other type of databaseoperation is received (e.g., by the leader node in a cluster), thedistributed data warehouse system may spawn a new process to maintainsession information for the client, and that process may be maintainedas long as the client session remains open and that client is sendingquery requests to the leader node. The requested operation (a SQL queryor some other database operation) may be routed through a parser andoptimizer to develop a query execution plan to perform or execute thespecified query or database operation (i.e., the logical steps needed toperform the query). The query plan may then be routed to the executionengine, which generates and compiles query execution code that theleader node and the non-leader nodes (sometimes referred to herein asthe compute nodes) will execute to complete the query. In someembodiments, each of the individual execution plan steps may be involvea simple operation or manipulation of data, to be performed by thecompute nodes or the leader node, and the communication networkconnecting the leader node and compute nodes may be used to distributeintermediate results. In some embodiments, the distributed datawarehouse system may achieve excellent query execution performance byseparating query processes in each of multiple node slices in order toexecute the compiled query code in parallel. In addition, thedistributed data warehouse system may take advantage of optimizednetwork communication, memory and disk management to pass intermediateresults from one query plan step to the next, which may also help tospeed query execution. In some embodiments, the last segment of a querymay return the requested data. If the return set is to be aggregated orsorted, the compute nodes may each send a respective portion of theintermediate result to the leader node, which may then merge thereturned data so that the final result of the query can be sent back tothe requesting client/subscriber.

FIG. 2 is a block diagram illustrating various components of adistributed data warehouse service from the perspective of its clients(which may include users, client applications, and/or data warehouseservice subscribers), according to some embodiments. In this example,each of the clients 212, 222, and 232 is able to access one or more ofclusters 210, 220, 230, and 240 in a virtual computing environment 200.As illustrated in FIG. 2, each of the clusters 210, 220, 230, and 240includes two or more nodes on which data may be stored on behalf of theparticular ones of clients 212, 222, and 232 who have access to thoseclusters. As illustrated in this example, the clients 212, 222, and 232may be able to access a distributed data warehouse service manager 202,e.g., in order to set up and manage the configuration of the clusters towhich it has access, but once those clusters have been configured, theclients may be able to access them directly (e.g., without going througha service interface of the distributed data warehouse service).

FIG. 3 is also a block diagram illustrating various components of adistributed data warehouse system, some of which may not be visible tothe clients of the distributed data warehouse system, according to oneembodiment. As illustrated in this example, storage clients 350 a-350 nmay access distributed data warehouse service manager 302, and/or datawarehouse clusters 325 and 335 within distributed data warehouse system380 via network 360 (e.g., these components may be network-addressableand accessible to the storage clients 350 a-350 n). However, key-valuedurable backup storage 370, which may be employed by distributed datawarehouse system 380 when automatically performing various backup andrestore operations, such as those described herein, may or may not benetwork-addressable and accessible to the storage clients 350 a-350 n,in different embodiments. For example, in some embodiments, distributeddata warehouse system 380 may perform these operations and/or otheroperations involving key-value durable backup storage 370 (includingpatching in backup copies of data blocks that are not currentlyavailable in distributed data warehouse system 380 in order to satisfyqueries received from storage clients 350 a-350 n) in a manner that isinvisible to storage clients 350 a-350 n.

As previously noted, a distributed data warehouse system cluster mayinclude a single leader node server that receives requests from variousclient programs (e.g., applications) and/or subscribers (users), thenparses them and develops an execution plan to carry out the associateddatabase operation(s). More specifically, the leader node may developthe series of steps necessary to obtain results for complex queries andjoins. In some embodiments, the leader node may manage communicationsbetween the distributed data warehouse system and clients/subscribers,as well as communications with compute nodes that are instructed tocarry out database operations. For example, the compiled code may bedistributed by the leader node to various compute nodes to carry out thesteps needed to perform queries, and intermediate results of thosequeries may be sent back to the leader node.

In some embodiments, a distributed data warehouse system cluster mayalso include one or more compute node servers, and each may includeindividual query processing “slices” defined, for example, for each coreof a server's multi-core processor. The compute nodes may perform theprocessing of queries by executing the compiled code of the executionplan, and may send intermediate results from those queries back to theleader node for final aggregation. Each core or slice may be allocated aportion of the corresponding node server's memory and disk space inorder to process a portion of the workload for a query (or otherdatabase operation) that is sent to one or more of the compute nodeservers. In some embodiments, an interconnect network in the cluster mayprovide private network communication using a standard or customerprotocol, such as a custom User Datagram Protocol (UDP) to exchangecompiled code and data between the leader node and the compute nodes.

FIG. 4 is a block diagram illustrating a cluster in a distributed datawarehouse system, according to one embodiment. As illustrated in thisexample, a distributed data warehouse cluster 400 may include a leadernode 420 and compute nodes 430, 440, and 450, which may communicate witheach other over an interconnect 460. As described above, leader node 420may generate and/or maintain one or more query plans 425 for executingqueries on distributed data warehouse cluster 400. As described herein,each node in a distributed data warehouse cluster may include multipledisks on which data blocks may be stored on behalf of clients (e.g.,users, client applications, and/or distributed data warehouse servicesubscribers). In this example, compute node 430 includes disks 431-438,compute node 440 includes disks 441-448, and compute node 450 includesdisks 451-458. In some embodiments, a component of the distributed datawarehouse cluster (or the distributed data warehouse system of which itis a component) may support load balancing, using any of a variety ofapplicable load balancing techniques. For example, in some embodiments,leader node 420 may include a load balancing component (not shown).

In some embodiments, each of the compute nodes in a cluster implements aset of processes running on the node server's operating system thatmanage communication with the leader node, e.g., to receive commands,send back data, and route compiled code to individual query processes(e.g., for each core or slice on the node) in order to execute a givenquery. In some embodiments, each of compute nodes includes a superblock,which is a data structure (e.g., an array of data) whose entries storeinformation (e.g., metadata about each of the data blocks stored on thatnode (i.e., one entry per data block). In some embodiments, each entryof the superblock data structure includes a unique ID for a respectiveblock, and that unique ID may be used as a key to retrieve a copy ofthat data block in the remote key-value durable backup storage system).In some embodiments, the unique ID may be generated (and a correspondingentry in the superblock created) by the leader node or by a computingnode when the data block is first written in the distributed datawarehouse system.

In various embodiments, in addition to a unique ID for a data block, themetadata contained in each entry of a superblock data structure on agiven node in a cluster of a distributed data warehouse system mayinclude one or more of the following: an indication of whether the blockhas been backed up, one or more counts of the number of times it hasbeen accessed (e.g., in a given period or between particular events),the location of a primary copy of the data block on the node, thelocation of one or more secondary copies of the data block on othernodes in the cluster, and/or a mapping between a primary copy stored onthe node and any secondary copies stored on other nodes in the cluster.For example, each node may own a primary copy of a subset of the datablocks stored by the cluster and may also store a secondary copy of oneor more other data blocks whose primary copies are owned by another nodein the cluster (and vice versa). In some embodiments, each computingnode (or, more specifically, the superblock on each node) may know whichother nodes store secondary copies of its primary data block copies. Insome embodiments, each node that owns a primary copy of a data block maybe configured to determine which other nodes will store one or moresecondary copies of that data block and may initiate its replication onthose other nodes. In some embodiments, the superblock or the leadernode may maintain a mapping between the ranges of data stored in adatabase table on behalf of a client/subscriber and the node(s) on whichthat data is stored. In various embodiments, secondary copies of a datablock may be used to restore a lost or corrupted primary copy of a datablock and/or may be used to satisfy queries that target the data blockduring a restore operation (e.g., prior to the primary copy of thetarget data block being restored or prior to completion of a restorationoperation for an entire disk or node). Note that while several of theembodiments described herein include primary and secondary copies ofeach data block stored in a data warehouse system, in other embodiments,only one copy of each data block may be stored in the data warehousesystem, or multiple parallel copies (none of which has a special role asa “primary” copy) may be stored on different nodes in the system.

FIG. 5 is a block diagram illustrating a superblock data structure,according to one embodiment. In this example, superblock 510 is an arraythat includes multiple entries (e.g., entries 520-528), each of whichstores metadata about a data block. In this example, each of the entriesin the array includes a block ID, an indication of whether the block hasbeen backed up, an indication of the location of the primary copy of theblock, indications of the locations of any secondary copies of the blockstored in the cluster, and one or more data block access counters (asdescribed in more detail below). For example, entry 520 includes blockID 521, backup indicator 522, primary location value 523, one or morecopy location values 524, and one or more counters 525. Similarly, entry530 includes block ID 531, backup indicator 532, primary location value533, one or more copy location values 534, and one or more counters 535;entry 540 includes block ID 541, backup indicator 542, primary locationvalue 543, one or more copy location values 544, and one or morecounters 545; and entry 580 includes block ID 581, backup indicator 582,primary location value 583, one or more copy location values 584, andone or more counters 585.

In some embodiments, all data blocks written to the distributed datawarehouse system and backed up in the remote key-value durable backupstorage system may be written as new data blocks having a new, uniqueID. Note, however, that other embodiments may support the updating ormodification of stored data blocks. In such embodiments, in addition totracking whether a data block has been backed up, an entry in acorresponding superblock may track when a data block is updated. In suchembodiments, when a data block is updated, its entry in the superblockmay be updated to point to a different version of the data block (andits replicas). When a copy of the updated data block is written to theremote key-value durable backup storage system, it may overwrite theprevious copy of the data block, or its key may be reassigned such thatit subsequently accesses the updated version of the data block.

FIG. 6 is a block diagram illustrating the use of a remote key-valuedurable storage system for backing up a data stored in distributed datawarehouse system, according to one embodiment. In this example, one ormore client processes 670 may store data in distributed data warehousesystem 660, which may leverage a key-value durable backup storage system625. The APIs 641-645 of key-value durable backup storage interface 640may expose functionality of the key-value durable backup storage system625 provided in backup data store 620 to distributed data warehousesystem 660 as if distributed data warehouse system 660 were a client ofkey-value durable backup storage system 625. For example, distributeddata warehouse system 660 may perform functions such as uploading orretrieving data from backup data store 620 through these APIs to performbackup and restore operations for data maintained in distributed datawarehouse system 660. As illustrated in FIG. 6, key-value durable backupstorage system 625 may store data blocks as objects in backup data store620 (shown as objects 635 a-635 n). As previously noted, each of theobjects stored in backup data store 620 of key-value durable backupstorage system 625 may be retrieved by distributed data warehouse system660 using a respective, unique key. In some embodiments, key-valuedurable backup storage system 625 may provide high durability for storedobjects (e.g., through the application of various types of redundancyschemes).

In the example illustrated in FIG. 6, distributed data warehouse system660 may back up data blocks to backup data store 620 of key-valuedurable backup storage system 625 according to a “put object” API (shownas 641) and may receive acknowledgment of those operations through acorresponding “return object key” API (shown as 642). In this example,data blocks stored as objects in backup data store 620 may be retrievedfrom backup data store 620 according to a “get object” API of key-valuedurable backup storage system 625 (shown as 643) and may receive therequested data through a corresponding “return object data” API (shownas 644). In some embodiments, key-value durable backup storage system625 may notify distributed data warehouse system 660 when object datathat was stored by distributed data warehouse system 660 in backup datastore 620 has been lost through a “notify object loss” API (shown as645). _([0]) In other embodiments, the APIs provided by key-valuedurable backup storage system 625 may include more, fewer, or differentAPIs for invoking or receiving responses to storage-related operationsor other operations. For example, in some embodiments, the APIs for akey-value durable backup storage system may include a “delete object”API that includes the key of an object (i.e., a unique data blockidentifier) as an input parameter. In such embodiments, in response toreceiving a request to delete an object according to this API, thekey-value durable backup storage system 625 may locate the object inbackup data store 620 (e.g., using the key) and may delete it frombackup data store 620.

Note that in various embodiments, the API calls and responses betweendistributed data warehouse system 660 and key-value durable backupstorage interface APIs 641-645 in FIG. 6 may be performed over a secureproxy connection (e.g., one managed by a gateway control plane), or maybe performed over the public network or, alternatively, over a privatechannel such as a virtual private network (VPN) connection. These andother APIs to the key-value durable backup storage system 625 may beimplemented according to different technologies, including, but notlimited to, Simple Object Access Protocol (SOAP) technology andRepresentational state transfer (REST) technology. In other words, theAPIs to the key-value durable backup storage system 625 may be, but arenot necessarily, implemented as SOAP APIs or RESTful APIs. SOAP is aprotocol for exchanging information in the context of Web-basedservices. REST is an architectural style for distributed hypermediasystems. A RESTful API (which may also be referred to as a RESTful webservice) is a web service API implemented using HTTP and RESTtechnology. The APIs described herein may in some embodiments be wrappedwith client libraries in various languages, including, but not limitedto, C, C++, Java, C# and Perl to support integration with the key-valuedurable backup storage system 625.

As previously noted, in some embodiments, the distributed data warehousesystem may store a single primary copy of each data block on one disk ofone node in a given cluster and may store one or more other local copies(secondary copies) of each data block on respective disk(s) of othernode(s) in the same cluster. As noted above, these secondary copies maymirror the data stored by various disks on a block basis, rather thanmirroring data on a whole disk basis. An additional copy (i.e., a backupcopy) may be written to a remote key-value durable storage system (i.e.,a storage system that is not part of the distributed data warehousesystem or any of the clusters thereof). This backup copy may be slowerto access but may be highly durable.

In some embodiments, the backup copy of a data block that is stored inthe remote storage system may be patched (or “faulted”) into the systemmemory in the distributed data warehouse system if there is a failure inthe distributed data warehouse affecting that data block and there is noway to restore the data block from information available in its cluster.In other words, a backup copy of a data block may be retrieved fromremote backup storage when no primary or secondary copies within thecluster are available. For example, the distributed data warehousesystem may continue to service queries directed to a particular datablock following a failure that involved the particular data block bystreaming in the data block from the backup system on demand using aforeground process (i.e., if the data block is needed to respond to aquery), while a background process works to restore lost or corrupteddata (on a data block basis) to fully reconstruct the data set onvarious disks and nodes of a cluster in the distributed data warehousesystem.

One embodiment of a method for storing a data block in a distributeddata warehouse system is illustrated by the flow diagram in FIG. 7. Asillustrated at 710, in this example, the method may include receiving arequest to write a new data block in a distributed data warehousesystem. In response to receiving the request, the method may includecreating a unique ID for the data block, and creating a new entry forthe data block in a superblock data structure of one node in the cluster(e.g., the node on which the primary copy of the data block will bestored), as in 720. In some embodiments, the unique ID created for thedata block may be stored in the new entry in the superblock datastructure when it is created, and may be subsequently used by otheroperations as an index into that entry in the data structure.

As illustrated in this example, the method may include writing a primarycopy of the data block to one disk on a node in the cluster and writingone or more secondary copies of the data block to other disk(s) (on thesame node or on different nodes) in the cluster, as in 730. The methodmay also include updating the corresponding entry in the superblock(e.g., to indicate the locations of the primary and secondary copies ofthe data block) and committing the superblock in the cluster, as in 740(which may include replicating it across the cluster, or propagating allor a portion of the data stored in it across the cluster, in someembodiments). At some point subsequent to storing the primary andsecondary copies of the data block and updating the superblock datastructure, the method may include initiating a backup of the superblock,the data block, and one or more other data blocks stored in thedistributed data warehouse system, as in 750. For example, backupoperations may be performed periodically (e.g., on a predeterminedschedule), or in response to various pre-defined trigger events orconditions (e.g., after a pre-determined number of new blocks have beencreated in the system, or after each time the superblock data structureis updated and/or committed in the system), in different embodiments.Example backup operations are described in more detail below, accordingto various embodiments.

As previously noted, the systems described herein may implementblock-level storage in a cluster-based architecture, and may back up andrestore data on a block basis (e.g., backing up and restoring data inunits corresponding to physical data blocks), rather than managing dataon a file basis and/or using knowledge of the rows or columns of adatabase table. Note that in some embodiments, only committed blocks maybe backed up to the remote key-value durable backup storage system(i.e., no in-flight transactions are reflected in what is backed up). Invarious embodiments, the remote key-value backup storage systemsdescribed herein may employ replication, parity, erasure coding, oranother error correction technique to provide high durability for thebackup copies of the data maintained by the data warehouse system onbehalf of clients.

In some embodiments, a restore operation may begin by bringing up thedata warehouse system immediately, using a list to indicate where eachdata block is locally as well as in backup storage. Initially, the locallist may be empty. Subsequently, a background process may be invoked tostream data blocks back into the data warehouse system from backupstorage. In the meantime, foreground processes may begin (or continue)processing queries. When and if the foreground processes encounter arequest for data in a data block that has not yet been brought back intothe data warehouse system from backup, the data block may “fault” itselfin, as required.

One embodiment of a method for performing a backup operation in adistributed data warehouse system is illustrated by the flow diagram inFIG. 8. As illustrated at 810, in this example, the method may includebacking up the last committed superblock of a node to a remote key-valuedurable storage. In some embodiments, the superblock data structure maybe too large to be backed up as a single object in remote key-valuedurable storage, and may be stored as a collection of objects, eachrepresenting a sub-array of the superblock data structure and eachhaving its own unique identifier (i.e., key). In other embodiments, thesuperblock data structure may be stored as a single object in remotekey-value durable storage, and may have a single, unique identifier(i.e., key). As previously noted, the superblock may indicate, for eachdata block stored in the distributed data warehouse system, whether thatdata block has been backed up. As illustrated in FIG. 8, the method mayinclude backing up a data block pointed to by an entry in the superblockthat has not yet been backed up, as in 820. For example, data blocksthat are new and/or data blocks that have not been backed up since thelast time they were modified may be targeted for back up during thisbackup operation.

If there are more data blocks to back up (shown as the positive exitfrom 830), the method may include repeating the operation illustrated at820 for each additional data block to be backed up. This is illustratedin FIG. 8 by the feedback from 830 to 820. However, once there are noadditional data blocks to back up (shown as the negative exit from 830),the method may include updating the superblock to reflect that the datablocks have been backed up, as in 840. Note that in other embodiments,individual entries in the superblock data structure may be updated assoon as the corresponding data block is backed up, rather than after allof the data blocks targeted by the backup operation have been backed up.

Note that in some embodiments, the leader node for a given cluster maycoordinate the backup and/or restore processes to ensure consistencyacross the nodes of the cluster. For example, in some embodiments, thesuperblocks of all of the nodes in a cluster may be versioned inlock-step when any updates to the cluster are committed, whether or notupdates were made on all of the nodes in the cluster. In other words, acommit of any update operation in the cluster may cause an update of aversion number (or other version identifier) of all of the superblockson the nodes of the cluster to the same value. In some such embodiments,when a backup operation is initiated, the leader node may be configuredto ensure that all of the nodes are backing up superblocks that have thesame version identifier value, and then the nodes themselves may back upthe corresponding data blocks (according to the metadata stored in thesuperblock). Similarly, on a full cluster restore operation, the leadernode may be configured to ensure that all of the nodes restoresuperblocks that have the same version identifier value (ideally, theversion identifier value of the most recently committed superblocks),and then the nodes themselves may perform a streaming restore operationsfor the appropriate data blocks (according to the metadata stored in therestored superblocks). In some embodiments, however, if a superblockwith the version identifier value of the most recently committedsuperblocks is not available on one or more of the nodes (e.g., if ithas been lost or corrupted, and no valid/uncorrupted mirror copy isavailable in the cluster or in the remote backup storage), the leadernode may be configured to ensure that all of the nodes restoresuperblocks that have the same previous version identifier value (i.e.,the leader node may ensure that a previous consistent snapshot of thedata stored in the cluster is restored).

One embodiment of a method for reconstructing data blocks following afailure in a distributed data warehouse system is illustrated by theflow diagram in FIGS. 9A-9B. As illustrated at 910, in this example, themethod may include a distributed data warehouse system storing datablocks in a cluster on behalf of a customer (e.g., a user, a clientapplication, or a data warehouse service subscriber), and backing up thedata blocks in a remote key-value durable storage. In this example,after detecting a failure in the data warehouse system (as in 915), themethod may include determining whether any lost (or corrupted) datablocks on a given node can be reconstructed using data that is stillstored (and not corrupted) within the same cluster and local metadata(e.g., a superblock of the given node stored on the given node) (as in920). If so, shown as the positive exit from 920, the method may includereconstructing the lost (or corrupted) data blocks on the given node (ordisk thereof) using data and metadata stored within the cluster (e.g.,by retrieving a secondary copy of the data block, according to themetadata stored in the corresponding superblock on the given node), asin 925.

As illustrated in this example, if the lost (or corrupted) data blockscannot be reconstructed using data and metadata that is still stored(and not corrupted) within the same cluster (shown as the negative exitfrom 920), the method may include determining whether the relevantsuperblock (i.e., the superblock for the given node, or disk thereof) isintact (i.e., is not lost or corrupted), as in 930. If the superblock isintact, shown as the positive exit from 930, the method may includeretrieving backup copies of the lost/corrupted data from key-valuestorage using the information stored in the superblock on the givennode, as in 935. If the superblock for the given node is not intact onthe given node (shown as the negative exit from 930), and no mirror(copy) of the superblock for the given node is available and intact(i.e., not corrupted) within the cluster (shown as the negative exitfrom 940) the method may include initiating a full cluster restoreoperation. This is illustrated in FIG. 9A by the connection element A toFIG. 9B. Otherwise, if a mirror (copy) of the superblock for the givennode is available and intact (i.e., not corrupted) within the cluster(shown as the positive exit from 940) the method may include restoringthe superblock from the mirror (as in 945) and initiating a restoreoperation for all of the blocks of the given node (as in 950).

As illustrated in this example, If there are more nodes with data to berestored from backup (shown as the positive exit from 955), the methodmay include repeating the operations illustrated as 920-955 for each ofthe additional nodes. This is illustrated in FIG. 9A by the feedbackfrom 955 to 920. Once there are no additional nodes with data to berestored, but prior to restoring all lost or corrupted blocks from theremote key-value durable backup storage, the method may includeaccepting and servicing queries directed to the customer data, as in960.

As illustrated in this example, if an intact (valid) superblock for agiven node cannot be found within the cluster (i.e., if the superblockfor the given node is corrupted), the method may include initiating arestore operation on the full cluster. This is illustrated in FIG. 9Bbeginning after connection element A. As illustrated in this example, afull cluster restore operation may include restoring the last committedsuperblock for each node in the cluster from the remote key-valuedurable storage (as in 965), and, on each node, initiating a streamingrestore operation from remote key-value durable storage for all datablocks pointed to by the entries in the restored superblock (as in 970).As in previous examples, the method may include, prior to restoring allof the data blocks of the cluster from the remote key-value durablestorage, making the data warehouse system available for accepting andservicing queries (as in 975).

Note that, in various embodiments, the system may be taken live (i.e.,made available for processing query requests received from clients) atany point after beginning the restore operation and retrieving thesuperblock data structures that store information about the lost datablocks (e.g., if those superblock data structures are not intactfollowing the detected failure), or it may remain live even in the faceof the detected failure (e.g., if the superblock data structures thatstore information about the lost data blocks remain intact following thedetected failure). In other words, in various embodiments, the systemsand method described herein may allow a distributed data warehousesystem to accept and service queries directed to the customer data itstores following a failure in the system prior to restoring all of theaffected data blocks from the remote key-value durable backup storage.

In some embodiments, when reading a data block maintained by the datawarehouse system, the system itself may be configured to automaticallydetermine whether to access one of the copies of the data block storedin a disk in a cluster in the data warehouse system (e.g., a primary orsecondary copy of the data block) or to access the backup copy of thedata block stored in the remote backup storage system. In someembodiments, this determination may include performing a consistencycheck when a data block is read from a disk in the cluster to evaluatewhether the data block has encountered physical or logical corruption.For example, if the primary copy of the data block has been corrupted,the data block may be read from its secondary location. If the secondarycopy if also unavailable (e.g., due to any of a variety of reasons,including those described herein), the most recent version of thissingle data block may be automatically retrieved from backup storage andpatched into the running system, without requiring the client to knowthe identification or location of the backup copy and without requiringrestoration of any other data block.

One embodiment of a method for responding to a query request in adistributed data warehouse system is illustrated by the flow diagram inFIG. 10. As illustrated at 1000, in this example, the method may includea distributed data warehouse system receiving a query directed to datastored in a given cluster on behalf of a client or subscriber. Inresponse to receiving the query, the method may include, for a block ofdata targeted by the query, the leader node of the given clusterdetermining the compute node that currently stores the primary copy ofdata block, as in 1010. If the primary copy of data block is available(e.g., for at least partially satisfying the query), shown as thepositive exit from 1020, the method may include obtaining the targetdata from the primary copy of the data block and returning it to therequestor, as in 1025.

If the primary copy of data block is not available (e.g., due tophysical or logical corruption, a software bug, a memory issue in theI/O pathway, a disk failure, a node failure, or because it has yet to berestored following corruption or a failure), the method may include theprimary compute node or the leader node determining the compute node(s)that store one or more secondary copies of the data block, as in 1030.If a secondary copy of the data block is available (shown as thepositive exit from 1040), the method may include obtaining the targetdata from the secondary copy of the data block and returning it to therequestor, as in 1045. If no secondary copy of the data block isavailable (shown as the negative exit from 1040), the method may includethe leader node or the primary compute node determining the unique ID ofthe data block (e.g., based on metadata stored in a superblock datastructure of a node on which the data block was previously stored),sending a request for the data block to a remote key-value durablebackup storage system to retrieve the target data, and returning thetarget data to the requestor, as in 1050. If there are more data blockstargeted by the received query (shown as the positive exit from 1060),the method may include repeating the operations illustrated at 1010 to1050 for those additional data blocks. This is illustrated in FIG. 10 bythe feedback from 1060 to 1010. Once there are no additional data blockstargeted by the received query, shown as the negative exit from 1060,the query processing may be complete, as in 1070. Note that theoperations illustrated in FIG. 10 for determining which of severalcopies of a targeted data block to access in order to respond to a querymay be performed automatically (e.g., without user intervention) in thedistributed data warehouse system.

One embodiment of a method for determining which of the copies of a datablock to return in response to a query is illustrated by the flowdiagram in FIG. 11. As illustrated at 1110, in this example, the methodmay include a client sending a query request to a data warehousecluster. If the cluster is not available (shown as the negative exitfrom 1120), the method may include initiating the reconstruction of thecluster, as in 1125 before re-attempting to satisfy the query (notshown). For example, the method may include initiating a backgroundprocess for restoring the entire cluster from backup copies of the datastored in the remote key-value durable backup storage system. Asdescribed herein, in some embodiments, rather than waiting for theentire cluster (or even the targeted data block) to be restored beforere-attempting to satisfy the query, a backup copy of the targeted datablock may be retrieved from the remote key-value durable backup storagesystem by a foreground process that retrieves data blocks targeted bythe query. If the cluster is available (shown as the positive exit from1120), the method may include, for a block of data targeted by thequery, the leader node determining a compute node that stores a primarycopy of the data block, as in 1130. If the primary copy of the datablock is not intact (e.g., if it is lost or corrupted, shown as thenegative exit from 1140), the method may include initiating an attemptto obtain the target data from a secondary copy of the data block,applying a consistency check to the obtained data (if found), and/orinitiating the restore of the primary data block copy from the secondarycopy (as in 1170).

As illustrated in this example, if the primary copy of the targeted datais intact and not corrupted (shown as the positive exit from 1140), themethod may include retrieving the target data from the primary copy ofthe data block, and applying a consistency check to the retrieved data,as in 1150. If the retrieved data passes the consistency check (shown asthe positive exit from 1160), the method may include returning thetarget data to the client (as in 1185).

If the retrieved data does not pass the consistency check (shown as thenegative exit from 1160) the method may include initiating an attempt toobtain the target data from a secondary copy of the data block, applyinga consistency check to the obtained data (if found), and/or initiatingthe restore of the primary data block copy from the secondary copy (asin 1170). If a consistent secondary copy of the data block is found(shown as the positive exit from 1180), the method may include returningthe target data to the client, as in 1185. If no consistent secondarycopy of the data block is found (shown as the negative exit from 1180),the method may include patching in a copy of data block from the backupstorage system (e.g., a remote key-value durable backup storage system)and returning the target data to the client, as in 1190. Note thatvarious ones of the operations illustrated at 1130-1190 may be repeatedfor any other data blocks in which data targeted by the query is stored(not shown), but it may not be necessary to restore or even scan all ofthe data blocks of a disk, node, or cluster stored in the backup storagesystem in order to retrieve data from the backup storage system that isneeded to satisfy a query. Note also that the operations illustrated inFIG. 11 for determining which of several copies of a targeted data blockto return to a client in response to a query may be performedautomatically (e.g., without intervention by a system administrator orother user) in the distributed data warehouse system.

One embodiment of a method for patching in a backup copy of a data blockfrom a remote key-value durable storage system to satisfy a query isillustrated by the flow diagram in FIG. 12. As illustrated at 1210, inthis example, the method may include a client sending a query request toa data warehouse cluster targeting a given data block. If the targetdata block is available within the cluster (shown as the positive exitfrom 1220), the method may include obtaining the target data block froma node within the cluster (e.g., a node on which a primary or secondarycopy of the target data block is stored), and returning the target datablock (or a requested portion thereof) to the client, as in 1225. If,for any of a variety of reasons (e.g., due to physical or logicalcorruption, a software bug, a memory issue in the I/O pathway, a diskfailure, a node failure, or any other reason), the target data block isnot available within the cluster (shown as the negative exit from 1220),the method may include bringing the target data block into system memoryfrom a remote key-value durable storage system (indexed by a unique datablock identifier that serves as its access key in the remote key-valuedurable storage system) to satisfy the query, and returning the targetdata block (or a requested portion thereof) to the client, as in 1230.In other words, the target data block may be “faulted in” (in a mannersimilar to that employed following a page fault) to satisfy a queryrequest without having to scan data or restore more than that targetdata block.

As illustrated in this example, once the target data block has beenbrought into system memory, the method may include writing a primarycopy of the target data block to a node within the data warehousecluster, and updating the appropriate metadata accordingly (e.g.,updating the metadata in the superblock data structure for that node toreflect the current state and/or location of the data block in thenode), as in 1240. The method may also include initiating thereplication of the target data block on one or more other nodes withinthe data warehouse cluster (in other words, it may include the node onwhich the primary copy is stored creating one or more secondary copiesof the data block), and updating the appropriate metadata accordingly,as in 1250. In various embodiments, the metadata for the primary and/orsecondary copies of the restored data block may be the same or differentthan the metadata for the primary and/or secondary copies of thecorrupted data blocks that they replace (e.g., depending on whether theyare stored on the same or different disks and/or nodes than those onwhich the copies of the corrupted data block were previously stored). Asillustrated in this example, in some embodiments the method may includelogging an indication of (or other information about) any failure in thesystem that triggered the restore operation and/or an indication of (orother information about) the restore operation itself for subsequentuse, as in 1260. For example, in some embodiments, such information(which may be logged for other such failures or conditions/events thatresult in a consistent and uncorrupted copy of various data blocks notbeing available in the data warehouse cluster) may be subsequentlyaccessed (e.g., in a file or data structure in which it was recorded)when performing failure analysis, trend analysis, routine or targetedmaintenance, or other functions.

Note that in other embodiments, after the target data is brought intosystem memory from a remote key-value durable storage system to satisfythe query and is returned to the client (as in 1230), the target datamay be discarded, rather than written to disk. In some such embodiments,primary and secondary copies of a lost or corrupted data block may notbe written to disk by a foreground process that retrieves data blocksfrom backup storage in order to satisfy a query, but only by abackground process that performs a streaming restore operation for anentire disk, node, or cluster. Note also that, in some embodiments, if aquery request targets data in more than one data block, the operationsillustrated in FIG. 12 may be repeated in order to locate and return allof the data needed to satisfy the query request, which may include“faulting in” one or more additional data blocks from the remotekey-value durable storage system and/or restoring them in the datawarehouse cluster (whether by a foreground process servicing the queryrequest or by a subsequent background process). In embodiments in whichmultiple data blocks are restored in the data warehouse cluster by abackground process, the order in which the data blocks are restored maybe dependent on the relative likelihood that they will be access againin the near future, as described in more detail below.

As previously noted, in some embodiments, data blocks may be restoredfrom a remote storage system in an order reflecting the likelihood (orexpected likelihood) that they will be accessed in the near future. Indifferent embodiments, different schemes may be used to track therecentness and/or relevance of various data blocks in order influencethe prioritization of blocks for a streaming restore operation. In someembodiments, data blocks may be restored based on such a determinedprioritization using a background process while a foreground processstreams in data blocks from backup storage on an as needed basis tosatisfy incoming queries. Note that in other systems, many (or most)other processes must run in a degraded state until an entire failed (orcorrupted) disk or node is rebuilt. In some embodiments, the systemsdescribed herein may implement a more graceful degradation duringrestore operations. In other words, prioritizing the retrievals to beperformed by the background process, as described herein, may allow thembe sequenced in such a way that they minimize the perceived degradationin system performance due to the restore process (e.g., byreconstructing more frequently accessed data before reconstructing lessfrequently accessed data).

One embodiment of a method for restoring data blocks from a remotekey-value durable storage system in priority order is illustrated by theflow diagram in FIG. 13. As illustrated at 1310, in this example, themethod may include detecting a failure of (or a failure on) one or morecomponents of a data warehouse system. In response, an operation torestore affected data (e.g., data that cannot be restored fromunaffected data remaining in the data warehouse system) may beinitiated. As illustrated in this example, the method may includedetermining the priority in which to restore the affected data blocksfrom key-value durable backup storage based on a determination of therelative likelihood that each of the data blocks will be accessed in thenear future, as in 1320. As described in more detail below, variouscriteria may be applied to determining a priority order for restoringthe affected data blocks, including, but not limited to: sequencing themin an order such that the data blocks that were most recently thetargets of queries are restored first, such that the data blocks thatwere most recently written are restored first, or such that the datablocks that were most recently backed up are restored first.

Once the order in which to restore the affected data block has beendetermined, the method may include retrieving the highest priority datablock from key-value durable backup storage (e.g., streaming it intosystem memory in the data warehouse system), writing a primary copy ofthe data block in the data warehouse system, and initiating thereplication of the data block in the data warehouse system (e.g., tocreate one or more secondary copies of the data block), as in 1330. Notethat streaming the data block into system memory prior to writing theprimary and secondary copies to disk may make it possible to respond toqueries that target that data faster (e.g., from a faster memory) thenwhen the data must be retrieved from a disk in the cluster or frombackup storage). If there are more data blocks to restore (shown as thepositive exit from 1340), the method may include retrieving the nexthighest priority data block from key-value durable backup storage,writing a primary copy of the next highest priority data block in thedata warehouse system, and initiating a replication of the next highestpriority data block, as in 1350. As illustrated in FIG. 13, theoperations illustrated at 1340 and 1350 may be repeated until all of thedata blocks to be restored in this restore operation (e.g., all of thedata blocks affected by the detected failure or failures) have beenrestored (shown as the negative exit from 1340). The method may alsoinclude updating the appropriate metadata for the reconstructedcomponents (e.g., in the superblock for each node), as in 1360, and atthat point, the recovery operation may be complete, as in 1370. Notethat in other embodiments, individual entries in the superblock datastructure may be updated as soon as the corresponding data block isreconstructed, rather than after all of the data blocks targeted by therestore operation have been reconstructed.

In some embodiments, when performing a streaming restore from remotebackup storage, there may a significant benefit to sequencing therestoration of data blocks such that they align with the likelihood ofaccess by incoming queries. In some embodiments, data blocks may beprioritized for restoration based on how recently and/or how often theyhave been accessed in the distributed data warehouse. For example, in adata warehouse containing data stored over a period of three years inwhich most queries access data that was stored within the last week,bringing the data blocks stored within the last week and data blocksthat are related to those data blocks (e.g., data for facts and alldimension tables that are joined to the fact table) into system memoryfirst may allow the system to respond to most queries prior to restoringall of the data in the data set. In this example, a typical distributionof queries directed to the data set may perform efficiently once lessthan 1% of the data is brought in from backup storage.

In some embodiments, data blocks that include time series data may beprioritized such that the data blocks storing the newest data arerestored first. In some embodiments, data blocks storing more recentlycreated (or updated) data may be prioritized over data blocks that storeolder data, regardless of the type of data they store. In otherembodiments, the restore operation may prioritize data blocksrepresenting the most recently loaded database tables first, under theassumption that tables that have just been loaded into the system willbe either queried or sorted sooner than data blocks storing other tabledata. In still other embodiments, data blocks may be prioritized forrestoration based on an analysis of recent query patterns. For example,if there is any skew in the access pattern for data blocks, that accesspattern may be followed when restoring data blocks from backup storage.In some embodiments, recently run queries may be examined to see whichdata blocks they accessed and/or to determine historical access patternsof a large number of previous queries. For example, a query history maybe maintained by the data warehouse system (e.g., in a log or table) andan analysis of that history may be performed to determine which tablesand/or columns of data are most frequently queried. The data blocksstoring the columnar data that is most frequently queried may beprioritized for restoration. In some embodiments, the prioritization ofdata blocks for restoration may by a dynamic prioritization based oncurrent activity. For example, when data blocks are patched into thedata warehouse system from backup storage in order to satisfy currentqueries, the priority of any remaining to-be-restored data blocks thatstore data for the same columns as the data blocks that have beenpatched in may be increased.

In some embodiments, the superblock data structures described herein maybe augmented with one or more counters per entry (i.e., per data block)whose values reflect the number of times the corresponding data blockhas been accessed with a given period. For example, each of thesuperblock data structures may include a current access period counterand a previous access period counter. On each data block access, thecurrent access period counter may be updated. From time to time (e.g.,periodically or in response to certain events, such as backup or restoreoperations), the count value of the current access period counter may bemoved to previous access period counter (overwriting its previousvalue), and the value of the current access period counter may be reset(e.g., to a value of zero). In some embodiments, when new blocks arecreated, their superblock data structures may be initialized to includean average or median current access period counter value, indicatingthat they are fairly likely to be accessed (e.g., so that they are notunfairly penalized relative to other data blocks). In other embodiments,the current access period counter value for new blocks may beinitialized to a default value (e.g., 20% of the maximum count value).In some embodiments, a sorting operation on a data block may reset thecounters for all affected data blocks to an initial value or to adefault value.

In this example, for a restore operation, data blocks may be sortedbased on the sum of the current access period counter value and theprevious access period counter value (from the highest sum to the lowestsum). In another example, data blocks may be sorted based on a weightedaverage or a weighted sum of the current access period counter value andthe previous access period counter value (e.g., one-half the previousaccess period counter value plus the current access period countervalue). In general, data blocks may be sorted based on a value thatrepresents a logical combination and/or a mathematical combination ofthe values of their current access period counters and their previousaccess period counters, in different embodiments.

One embodiment of a method for determining the order in which to restoredata blocks from key-value durable backup storage is illustrated by theflow diagram in FIG. 14. As illustrated at 1410, in this example, themethod may include a client sending a query request to a data warehousecluster targeting a given data block. As illustrated in this example,the method may include the data warehouse cluster satisfying the requestand incrementing a current access period counter associated with thegiven data block to reflect the fact that the given data block has beenaccessed, as in 1420. If the current access period (e.g., the currentperiod during which a count of accesses is being captured by the currentaccess period counter) has not yet expired (shown as the negative exitfrom 1430), the method may include continuing to count accesses to thegiven data block and/or one or more other data blocks (using differentcurrent access period counters associated with those other data blocks).This is illustrated in FIG. 14 by the feedback from the negative exit of1430 to 1410. If (or when) the current access period expires (shown asthe positive exit from 1430), the method may include copying the currentaccess period counter value to a previous access period counter (e.g.,overriding the value of the counter), and resetting the value of thecurrent access period counter to an initial or default value, as in1440.

As illustrated in this example, the method may include continuing tocount accesses to the given data block and/or one or more other datablocks (using different current access period counters associated withthose other data blocks) until or unless something triggers a restoreoperation. This is illustrated in FIG. 14 by the feedback from thenegative exit of 1450 to 1410. Note that in some embodiments, a restoreoperation may be triggered in response to detecting a failure of a disk,node, or cluster, in response to a query targeting data that is notavailable (or for which a consistent and uncorrupted copy is notavailable in the cluster), or in response to an explicit request from aclient (e.g., a user, client application, or storage service subscriber)to do so. Once a restore operation is triggered (shown as the positiveexit from 1450), the method may include combining the current accessperiod counter value and the previous access period counter value foreach affected data block to determine the order in which to restore theaffected data blocks, as in 1460. For example, in different embodiments,the sum of these two counter values (for each data block) may be used todetermine the order in which the data blocks should be restored (e.g.,such that data blocks that have been accessed more times in the two mostrecent periods for which access counts have been captured will berestored sooner than data blocks that have been accessed fewer times.

In some embodiments, the data warehouse systems described herein mayimplement workload management mechanisms that allow clients to flexiblymanage the priorities of workloads, and, in particular, allow forclassification of workloads, so that quick, fast-running queries may notget stuck in queues behind long-running queries (e.g., a short querybias). In some embodiments, the data warehouse systems may implementcustomizable query service classes that provide additional criteria forquery classification and a high-level workload manager component managesqueries, assigns them to service classes. In such embodiments, for eachservice class, the data warehouse systems may provide a query queue thatmaintains a prioritized list of queries waiting for execution. Inaddition, the data warehouse system may provide a task pool that definesthe number of queries within a pool that can be run concurrently (aslong as compute node processes are available to run them).

In some embodiments, the data warehouse systems described herein may usemassively-parallel processing (MPP) infrastructure to provide fastexecution of the most complex queries operating on large amounts of datain a database. Using off-the-shelf standard server components, the datawarehouse systems may provide near-linear scalability to boostperformance simply by adding more “compute node” servers (withmulti-core processors) to handle more demanding workloads. All queryprocessing (except final result aggregation) may be done by the computenodes with each core of every node executing the same compiled query“segments” on smaller portions of the entire data.

In addition, the data warehouse systems may use columnar-oriented datastorage and compression to reduce storage requirements (thereby alsoreducing disk I/O) and to perform more in-memory processing of queries.Fully optimized and compiled code may be distributed across all of thenodes of a data warehouse system cluster to “divide and conquer” and toincrease the execution speed of complex queries while also eliminatingthe overhead of using an interpreter.

In some embodiments, the data warehouse systems described herein mayprovide a highly-efficient query optimizer and a query execution enginethat is MPP-aware and that also takes advantage of the columnar-orienteddata storage used by the data warehouse systems. The query optimizer ofthe data warehouse systems may provide a collection of reusable softwarecomponents and methods central to query execution with significantenhancements and extensions for processing complex analytic queriesincluding multi-table joins, sub-queries, and aggregation. As previouslynoted, the use of columnar storage and adaptive compression may alsosignificantly reduce the amount of data needed in processing queries andmay dramatically improve query execution speed through in-memory andcached data access whenever possible.

The methods described herein may in various embodiments be implementedby any combination of hardware and software. For example, in oneembodiment, the methods may be implemented by a computer system thatincludes a processor executing program instructions stored on acomputer-readable storage medium coupled to the processor. The programinstructions may be configured to implement the functionality describedherein (e.g., the functionality of various servers and other componentsthat implement the data warehouse systems and/or remote key-valuedurable backup storage systems described herein).

FIG. 15 is a block diagram illustrating a computer system configured toimplement at least a portion of a distributed data warehouse system anda corresponding key-value durable backup storage system, according tovarious embodiments. For example, computer system 1500 may be configuredto implement a leader node of a cluster in a distributed data warehousesystem, a compute node of a cluster in a distributed data warehousesystem, a distributed data warehouse service manager, a key-valuedurable backup storage system (or an interface thereof), or any othercomponent of a distributed data warehouse system or a correspondingkey-value durable backup storage system. Computer system 1500 may be anyof various types of devices, including, but not limited to, a personalcomputer system, desktop computer, laptop or notebook computer,mainframe computer system, handheld computer, workstation, networkcomputer, a consumer device, application server, storage device,telephone, mobile telephone, or in general any type of computing device.

Computer system 1500 includes one or more processors 1510 (any of whichmay include multiple cores, which may be single or multi-threaded)coupled to a system memory 1520 via an input/output (I/O) interface1530. Computer system 1500 further includes a network interface 1540coupled to I/O interface 1530. In various embodiments, computer system1500 may be a uniprocessor system including one processor 1510, or amultiprocessor system including several processors 1510 (e.g., two,four, eight, or another suitable number). Processors 1510 may be anysuitable processors capable of executing instructions. For example, invarious embodiments, processors 1510 may be general-purpose or embeddedprocessors implementing any of a variety of instruction setarchitectures (ISAs), such as the x86, PowerPC, SPARC, or MIPS ISAs, orany other suitable ISA. In multiprocessor systems, each of processors1510 may commonly, but not necessarily, implement the same ISA. Thecomputer system 1500 also includes one or more network communicationdevices (e.g., network interface 1540) for communicating with othersystems and/or components over a communications network (e.g. Internet,LAN, etc.). For example, a client application executing on system 1500may use network interface 1540 to communicate with a server applicationexecuting on a single server or on a cluster of servers that implement adistributed system. In another example, an instance of a serverapplication executing on computer system 1500 may use network interface1540 to communicate with other instances of the server application thatmay be implemented on other computer systems.

In the illustrated embodiment, computer system 1500 also includes one ormore persistent storage devices 1560 and/or one or more I/O devices1580. In various embodiments, persistent storage devices 1560 maycorrespond to disk drives, tape drives, solid state memory, other massstorage devices, or any other persistent storage device. Computer system1500 (or a distributed application or operating system operatingthereon) may store instructions and/or data in persistent storagedevices 1560, as desired, and may retrieve the stored instruction and/ordata as needed.

Computer system 1500 includes one or more system memories 1520 that areconfigured to store instructions and data accessible by processor 1510.In various embodiments, system memories 1520 may be implemented usingany suitable memory technology, (e.g., one or more of cache, staticrandom access memory (SRAM), DRAM, RDRAM, EDO RAM, DDR 10 RAM,synchronous dynamic RAM (SDRAM), Rambus RAM, EEPROM,non-volatile/Flash-type memory, or any other type of memory). Systemmemory 1520 may contain program instructions 1525 that are executable byprocessor(s) 1510 to implement the methods and techniques describedherein. In various embodiments, program instructions 1525 may be encodedin platform native binary, any interpreted language such as Java™byte-code, or in any other language such as C/C++, Java™, etc., or inany combination thereof. For example, in the illustrated embodiment,program instructions 1525 include program instructions executable toimplement the functionality of a leader node of a cluster in adistributed data warehouse system, a compute node of a cluster in adistributed data warehouse system, a distributed data warehouse servicemanager, a key-value durable backup storage system (or an interfacethereof), or any other component of a distributed data warehouse systemor a corresponding key-value durable backup storage system. In someembodiments, program instructions 1525 may implement multiple separateclients, server nodes, and/or other components.

In some embodiments, program instructions 1525 may include instructionsexecutable to implement an operating system (not shown), which may beany of various operating systems, such as UNIX, LINUX, Solaris™, MacOS™,Windows™, etc. Any or all of program instructions 1525 may be providedas a computer program product, or software, that may include anon-transitory computer-readable storage medium having stored thereoninstructions, which may be used to program a computer system (or otherelectronic devices) to perform a process according to variousembodiments. A non-transitory computer-readable storage medium mayinclude any mechanism for storing information in a form (e.g., software,processing application) readable by a machine (e.g., a computer).Generally speaking, a non-transitory computer-accessible medium mayinclude computer-readable storage media or memory media such as magneticor optical media, e.g., disk or DVD/CD-ROM coupled to computer system1500 via I/O interface 1530. A non-transitory computer-readable storagemedium may also include any volatile or non-volatile media such as RAM(e.g. SDRAM, DDR SDRAM, RDRAM, SRAM, etc.), ROM, etc., that may beincluded in some embodiments of computer system 1500 as system memory1520 or another type of memory. In other embodiments, programinstructions may be communicated using optical, acoustical or other formof propagated signal (e.g., carrier waves, infrared signals, digitalsignals, etc.) conveyed via a communication medium such as a networkand/or a wireless link, such as may be implemented via network interface1540.

In some embodiments, system memory 1520 may include data store 1545,which may be configured as described herein. For example, theinformation described herein as being stored by the data warehousesystem (e.g., on a leader node or a compute node), such as a superblockdata structure, one or more data block access counters, a query history,an error log, or other information used in performing the methodsdescribed herein may be stored in data store 1545 or in another portionof system memory 1520 on one or more nodes, in persistent storage 1560,and/or on one or more remote storage devices 1570, in variousembodiments. In some embodiments, and at various times, system memory1520 (e.g., data store 1545 within system memory 1520), persistentstorage 1560, and/or remote storage 1570 may store primary copies ofdata blocks, secondary copies (i.e., replicas) of data blocks, backupcopies of data blocks, metadata associated with data blocks and/or theirstate, database configuration information, and/or any other informationusable in implementing the methods and techniques described herein.

In one embodiment, I/O interface 1530 may be configured to coordinateI/O traffic between processor 1510, system memory 1520 and anyperipheral devices in the system, including through network interface1540 or other peripheral interfaces. In some embodiments, I/O interface1530 may perform any necessary protocol, timing or other datatransformations to convert data signals from one component (e.g., systemmemory 1520) into a format suitable for use by another component (e.g.,processor 1510). In some embodiments, I/O interface 1530 may includesupport for devices attached through various types of peripheral buses,such as a variant of the Peripheral Component Interconnect (PCI) busstandard or the Universal Serial Bus (USB) standard, for example. Insome embodiments, the function of I/O interface 1530 may be split intotwo or more separate components, such as a north bridge and a southbridge, for example. Also, in some embodiments, some or all of thefunctionality of I/O interface 1530, such as an interface to systemmemory 1520, may be incorporated directly into processor 1510.

Network interface 1540 may be configured to allow data to be exchangedbetween computer system 1500 and other devices attached to a network,such as other computer systems 1590 (which may implement one or moreserver nodes and/or clients of the distributed data warehouse systemand/or a remote key-value durable storage system), for example. Inaddition, network interface 1540 may be configured to allowcommunication between computer system 1500 and various I/O devices 1550and/or remote storage 1570. Input/output devices 1550 may, in someembodiments, include one or more display terminals, keyboards, keypads,touchpads, scanning devices, voice or optical recognition devices, orany other devices suitable for entering or retrieving data by one ormore computer systems 1500. Multiple input/output devices 1550 may bepresent in computer system 1500 or may be distributed on various nodesof a distributed system that includes computer system 1500. In someembodiments, similar input/output devices may be separate from computersystem 1500 and may interact with one or more nodes of a distributedsystem that includes computer system 1500 through a wired or wirelessconnection, such as over network interface 1540. Network interface 1540may commonly support one or more wireless networking protocols (e.g.,Wi-Fi/IEEE 802.11, or another wireless networking standard). However, invarious embodiments, network interface 1540 may support communicationvia any suitable wired or wireless general data networks, such as othertypes of Ethernet networks, for example. Additionally, network interface1540 may support communication via telecommunications/telephony networkssuch as analog voice networks or digital fiber communications networks,via storage area networks such as Fibre Channel SANs, or via any othersuitable type of network and/or protocol. In various embodiments,computer system 1500 may include more, fewer, or different componentsthan those illustrated in FIG. 15 (e.g., displays, video cards, audiocards, peripheral devices, other network interfaces such as an ATMinterface, an Ethernet interface, a Frame Relay interface, etc.)

It is noted that any of the distributed system embodiments describedherein, or any of their components, may be implemented as one or moreweb services. For example, leader nodes within a data warehouse systemmay present data storage services and/or database services to clients asweb services. In some embodiments, a web service may be implemented by asoftware and/or hardware system designed to support interoperablemachine-to-machine interaction over a network. A web service may have aninterface described in a machine-processable format, such as the WebServices Description Language (WSDL). Other systems may interact withthe web service in a manner prescribed by the description of the webservice's interface. For example, the web service may define variousoperations that other systems may invoke, and may define a particularapplication programming interface (API) to which other systems may beexpected to conform when requesting the various operations.

In various embodiments, a web service may be requested or invokedthrough the use of a message that includes parameters and/or dataassociated with the web services request. Such a message may beformatted according to a particular markup language such as ExtensibleMarkup Language (XML), and/or may be encapsulated using a protocol suchas Simple Object Access Protocol (SOAP). To perform a web servicesrequest, a web services client may assemble a message including therequest and convey the message to an addressable endpoint (e.g., aUniform Resource Locator (URL)) corresponding to the web service, usingan Internet-based application layer transfer protocol such as HypertextTransfer Protocol (HTTP).

In some embodiments, web services may be implemented usingRepresentational State Transfer (“RESTful”) techniques rather thanmessage-based techniques. For example, a web service implementedaccording to a RESTful technique may be invoked through parametersincluded within an HTTP method such as PUT, GET, or DELETE, rather thanencapsulated within a SOAP message.

The various methods as illustrated in the figures and described hereinrepresent example embodiments of methods. The methods may be implementedmanually, in software, in hardware, or in a combination thereof. Theorder of any method may be changed, and various elements may be added,reordered, combined, omitted, modified, etc.

Although the embodiments above have been described in considerabledetail, numerous variations and modifications may be made as wouldbecome apparent to those skilled in the art once the above disclosure isfully appreciated. It is intended that the following claims beinterpreted to embrace all such modifications and changes and,accordingly, the above description to be regarded in an illustrativerather than a restrictive sense.

The invention claimed is:
 1. A method, comprising: performing, by one ormore computers: storing columnar data of a database table in a pluralityof physical data blocks in a distributed data storage system on behalfof one or more clients, wherein the distributed data storage systemcomprises a cluster of one or more nodes, each of which comprises one ormore disks on which physical data blocks are stored, and wherein each ofthe plurality of physical data blocks is associated with a respectiveunique identifier; storing a copy of individual ones of the plurality ofphysical data blocks in a remote key-value durable backup storagesystem, wherein for the individual ones of the plurality of physicaldata blocks, the respective unique identifier serves as a key to accessthe data block in the remote key-value durable backup storage system;detecting a failure in the distributed data storage system affecting atleast one of the plurality of physical data blocks in which the columnardata was stored; in response to said detecting, automatically initiatinga restore of the columnar data that was stored in the at least one ofthe plurality of physical data blocks from the remote key-value durablebackup storage system; receiving one or more query requests directed tothe columnar data of the database table; and servicing the one or morequery requests, wherein said servicing comprises: at least partly duringthe restore, streaming at least some of the columnar data from thekey-value durable backup storage system into system memory of thedistributed data storage system; and at least partly during the restore,accessing the columnar data from the system memory in response to theone or more query requests.
 2. The method of claim 1, wherein saidstoring the columnar data of the database table comprises storing aportion of the columnar data as a primary copy of the portion of thecolumnar data in a respective physical data block on a given disk, andstoring the portion of the columnar data as one or more secondary copiesof the portion of the columnar data in respective physical data blockson one or more disks other than the given disk.
 3. The method of claim1, wherein said storing the columnar data of the database tablecomprises storing the unique identifier of the individual ones of theplurality of physical data blocks in a respective entry in a superblockdata structure that stores information about the physical data blocksstored on a given node.
 4. The method of claim 1, wherein said storingcolumnar data of the database table comprises storing informationindicating a location at which the individual ones of the plurality ofphysical data blocks are stored on disks of a given node, the locationindicated in a respective entry in a superblock data structure thatstores information about the physical data blocks stored on the givennode.
 5. The method of claim 1, wherein said servicing further comprisesobtaining at least some of the columnar data of the database table towhich the one or more query requests are directed from disks in thedistributed data storage system.
 6. A method, comprising: performing, byone or more computers: maintaining data in one or more physical datablocks of a data storage system on behalf of one or more clients,wherein each physical data block is associated with a unique identifier;performing a backup operation to store a respective copy of data storedin a given physical data block in a key-value storage system that isdistinct from the data storage system; subsequent to storing therespective copy of the data stored in the given physical data block,restoring the data stored in the given physical data block from thekey-value storage system to the data storage system; and servicing oneor more queries directed to the data maintained on behalf of the one ormore clients, wherein said servicing comprises: at least partly duringthe restoring the data, streaming at least some of the data from thekey-value storage system into system memory of the data storage system;and at least partly during the restoring the data, accessing the datafrom the system memory in response to the one or more queries.
 7. Themethod of claim 6, wherein said restoring is performed as part of anoperation to restore the data stored in multiple physical data blocksfrom the key-value storage system to the data storage system, andwherein said servicing the one or more queries is performed prior torestoring all of the data stored in the multiple physical data blocks.8. The method of claim 6, further comprising receiving the datarepresenting entries in a database table, wherein said maintaining thedata in the one or more physical data blocks of the data storage systemcomprises storing the data in one or more columns of the database tablein the one or more physical data blocks.
 9. The method of claim 6,wherein said restoring is performed in response to a failure of astorage device on which the data is stored in the data storage system.10. The method of claim 6, wherein said restoring is performed inresponse to a failure of a node comprising a storage device on which thedata is stored in the data storage system.
 11. The method of claim 6,wherein said restoring is performed in response to a failure of acluster of one or more nodes comprising a storage device on which thedata is stored in the data storage system.
 12. The method of claim 6,wherein said restoring is performed in response to a request from one ofthe one or more clients to perform a restore operation.
 13. The methodof claim 6, wherein said maintaining the data in the one or morephysical data blocks of the data storage system comprises maintaining adata structure that stores a mapping between the data maintained on aparticular node in a cluster of one or more nodes and a location in thedata storage system at which the data is stored in a physical data blockon the particular node, wherein the data structure is maintained on theparticular node, and wherein each entry in the data structure stores amapping for a particular physical data block and the unique identifierassociated with the particular physical data block; and wherein themethod comprises, prior to said restoring, restoring the data structureon the particular node in response to a failure of the node or a failureof the cluster of nodes.
 14. A non-transitory computer-readable storagemedium storing program instructions that when executed on one or morecomputers cause the one or more computers to perform: storing one ormore data blocks in a data warehouse system; creating an entry for eachof the one or more data blocks in a data structure that storesinformation about the one or more data blocks, wherein the entrycomprises: a unique identifier for a data block; at least one counterindicating a number of accesses to the data block in a given period,wherein the given period corresponds to one or more events comprisingbackup or restore operations; and an indication that the data block hasnot yet been backed up; and performing a backup operation for aplurality of data blocks stored in the data warehouse system, includingthe one or more data blocks, wherein said performing comprises: storinga backup copy of the data structure in a remote key-value storagesystem; storing, for each data block stored in the data warehouse systemfor which a corresponding entry in the data structure indicates that ithas not yet been backed up, a backup copy of the data block in theremote key-value storage system; and updating the entry in the datastructure corresponding to each data block that was backed up by thebackup operation to indicate that the data block has been backed up. 15.The non-transitory computer-readable storage medium of claim 14, whereinsaid storing the one or more data blocks in the data warehouse systemcomprises storing two or more copies of each of the one or more datablocks on different storage devices in the data warehouse system. 16.The non-transitory computer-readable storage medium of claim 14, whereinsaid storing the one or more data blocks in the data warehouse systemcomprises generating the unique identifier for each of the one or moredata blocks.
 17. The non-transitory computer-readable storage medium ofclaim 14, wherein when executed on one or more computers, the programinstructions further cause the one or more computers to perform:receiving a query directed to the data in one of the one or more datablocks; and in response to receiving the query, accessing the backupcopy of the one of the one or more data blocks in the remote key-valuestorage system using the unique identifier for the one of the one ormore data blocks as an access key in the remote key-value storagesystem.
 18. A computing system, comprising: one or more computing nodes,each of which comprises at least one processor and a memory, wherein theone or more computing nodes are configured to collectively implement adatabase service; and an interface to a remote key-value storage system;wherein the database service is configured to maintain data on behalf ofone or more subscribers to the database service; wherein the one or morecomputing nodes are configured to store the data maintained on behalf ofthe one or more subscribers in a plurality of physical data blocks onone or more storage devices, wherein each of the plurality of physicaldata blocks is associated with a unique identifier; wherein the databaseservice is configured to maintain a data structure including an entrydescribing each of the plurality of physical data blocks, the entrycomprising: the unique identifier for a physical data block; and atleast one counter indicating a number of accesses to the physical datablock; and wherein the database service is configured to perform abackup operation for the data, wherein to perform the backup operation,the database service is configured to: send to the remote key-valuestorage system, via the interface, a copy of each of the plurality ofphysical data blocks for storage in the remote key-value storage system,wherein the unique identifiers associated with each of the plurality ofphysical data blocks are employable as access keys to access copies ofthe plurality of physical data blocks in the remote key-value storagesystem; and send a backup copy of the data structure for storage in theremote key-value storage system.
 19. The computing system of claim 18,wherein the one or more computing nodes comprise a leader node that isconfigured to maintain one or more query maps and a mapping between thedata maintained on behalf of the one or more subscribers and thelocations at which the data is stored by the database service on the oneor more computing nodes.
 20. The computing system of claim 18, whereinsubsequent to performing the backup operation, the database service isconfigured to perform a restore operation; wherein to perform therestore operation, the database service is configured to retrieve fromthe remote key-value storage system, via the interface, the copies ofeach of the plurality of physical data blocks, using the uniqueidentifiers associated with each of the plurality of physical datablocks as access keys for the copies of the plurality of physical datablocks in the remote key-value storage system; and wherein duringperformance of the restore operation, the database service is furtherconfigured to accept and service query requests directed to the datamaintained on behalf of the one or more subscribers.
 21. The computingsystem of claim 20, wherein to service the query requests directed tothe data maintained on behalf of the one or more subscribers, thedatabase service is configured to retrieve at least some of the datatargeted by the query requests from the remote key-value storage systemprior to completion of the restore operation.
 22. The computing systemof claim 18, wherein the remote key-value storage system is configuredto apply one or more error correction techniques to the copies of theplurality of physical data blocks in the remote key-value storagesystem, the one or more error correction techniques including one ormore of replication, parity, or erasure coding.